Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bundespolizei Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 23.07.2012, 18:06   #1
mr-blister
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Hallo Leute

mal wieder der Bundespolizei Trojaner.
Dieses mal hat es mich erwischt.

War im Internet surfen und auf einmal kommt das berühmte Bild.

Hab dann neu gestartet im abgesicherten Modus und Malwarebytes ausgeführt im Quick-Scan. Der hat dann auch die unten genannten Bösewichte gefunden und in Quarantäne verschoben.

Danach konnte ich wieder normal das System starten. In Eigene Dateien wurde nichts verschlüsselt.

Im Moment führe ich gerade den Eset Online Scanner aus (log kommt dann)

Log von Malwarebytes
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.09

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-MASTER-PC [Administrator]

23.07.2012 17:31:07
mbam-log-2012-07-23 (17-31-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222483
Laufzeit: 5 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Chris\AppData\Local\Temp\E_N4 (Worm.Autorun) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 8
C:\Users\Chris\AppData\Local\Temp\fe0_zip.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Chris\AppData\Local\Temp\tmp_2.exe (Backdoor.Poison) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Chris\AppData\Local\Temp\E_N4\krnln.fnr (Trojan.FlyStudio) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Chris\AppData\Local\Temp\E_N4\eCalc.fne (Worm.Autorun) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Chris\AppData\Local\Temp\E_N4\GDI+Ö§³Ö¿â.fne (Worm.Autorun) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Chris\AppData\Local\Temp\E_N4\PhyDMACC.dll (Worm.Autorun) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Geändert von mr-blister (23.07.2012 um 18:12 Uhr)

Alt 24.07.2012, 02:47   #2
t'john
/// Helfer-Team
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner





1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 24.07.2012, 19:59   #3
mr-blister
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Leider habe ich es verpeilt mit dem Malwarebytes Log. Hab es zu schnell weggeklickt. Aber es wurde nichts gefunden.

Der Inhalt der Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 24.07.2012 19:20:39 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Chris\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 41,73% Memory free
8,00 Gb Paging File | 5,41 Gb Available in Paging File | 67,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 31,21 Gb Free Space | 10,47% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-MASTER-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files (x86)\dm\dm Fotowelt\dm Fotowelt.exe" "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files (x86)\dm\dm Fotowelt\dm Fotowelt.exe" "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02881848-8517-43AC-8BB3-9931F4DD46F6}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{0508D87A-3420-4DEC-8C53-E9457C7EBC34}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{0DC230CC-2E4A-4A1E-B4D7-0A1250737DD2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1960E825-9FB3-4112-B3BD-813A3FBBE414}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1E70252E-82A1-4D89-8DEE-50728DA72A9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{29C60310-1ADB-48E7-9991-0C6A33A3FA99}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2ADC952C-0E78-405D-9552-839071A17E45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34034A01-6710-4CF4-9A80-00C3C7C8A382}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{35AA9067-6B8D-4603-9E9D-94B610A8D32E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3B6713F3-35A2-4D8B-8306-80CC235E0C79}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3E4BB036-D4B1-46FC-99D5-3E02214493B7}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{492D9E90-3DA3-4732-816D-4ACD617ACF66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{53B0B57E-DED6-4EDB-A296-5D3E0285CBCE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CAC53C4-FF03-41B9-B96E-F71D1A850AFA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9317C5D8-ADB6-4772-9972-99A03B57D0B5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B4B74515-94CD-4A01-845F-900F8C74D4BA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B990C07F-2B24-4BB2-93EC-8EAF67B71320}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C1245C4E-AB96-4F92-9E44-2C148B29A181}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C1DFE7E6-F4DF-46ED-A14C-BF5EF91D4251}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C37842B6-7ED7-4168-8A17-E285266CB300}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C381F883-5FDA-4031-A21D-1E989026CFFC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CFAEE480-3CB1-431D-9F87-46E9AB44AD99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D25E2C62-B710-4186-BE8E-616D1E7C3AFD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D5A408F7-070D-40DA-997A-EFAD13077E0E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA91C83F-1C0C-43D2-9A51-7AE6A9E2C381}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E40F52C0-8769-4571-956B-F6F349AA1CF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E586ADE7-1F89-4A79-958B-8B6E5A1D22AE}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{ED3634F8-42FC-4977-BCDB-F724C0E93CDA}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A9FFCA-4F1D-4A2A-AB5F-1CE75F444AF5}" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"{07BA6760-EA27-4C9E-9795-9DF854890647}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{07C6C067-4E71-40F2-A9D1-E3455D893B1A}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{11610B2D-D3B1-4EE3-B51E-E21470208991}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{14E89765-D77D-448A-B996-87FED73E972F}" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"{1A4FEF0D-62D1-46C9-8B76-07308B538B3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{27BA050A-D040-44AB-A665-D8F42DDEC387}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2965A893-15E0-4F34-A9BC-A7805F9C87B3}" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\microsoft\skydrive\skydrive.exe | 
"{2E1AE18E-94F8-4C7D-8BDC-8566EA892138}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2ECE2C1F-2031-4DEE-ACC5-91F9E8A1FF93}" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe | 
"{316794D6-8B41-4BD4-B67D-D94172CC1F6A}" = dir=in | app=%programfiles% (x86)\bewerbungsmaster\bewerbungs-master.exe | 
"{36AF1592-1431-4E05-8A8D-0D1FB1C54EB9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{402F0FF4-8B58-4394-AB0A-49DC2791A89B}" = dir=in | app=%programfiles% (x86)\bewerbungsmaster\updatecheck_bewerbungsmaster.exe | 
"{4774313B-3753-4E53-BD59-95953375D74D}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{4A39F071-415A-4C69-A10C-19C804F04262}" = protocol=6 | dir=in | app=e:\windows\dsassistant\dsassistant.exe | 
"{4D5505E5-2466-46AE-A456-50D2BBD0FA50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{521BD95A-1193-40CE-9ECD-BB6BDF155CB7}" = protocol=17 | dir=in | app=c:\spiele\batman - arkham city\binaries\win32\batmanac.exe | 
"{538D0E74-3F79-403E-93A0-4E294EF1C08D}" = protocol=6 | dir=in | app=c:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{54CEBD81-3790-4923-A45B-B4896E5C48B0}" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe | 
"{57DCBD29-6E05-498B-BA92-3F8E704085DA}" = protocol=6 | dir=in | app=c:\spiele\batman - arkham city\binaries\win32\batmanac.exe | 
"{5DD696F1-903F-487E-A605-CCA79437313A}" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5E9451AA-B74B-4EAE-8045-C079F375EED0}" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe | 
"{5EE9A28F-AAA2-4C4A-B2A6-D132E43D2EC1}" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\microsoft\skydrive\skydrive.exe | 
"{6082F014-81BC-453E-A850-78B95C34049E}" = protocol=17 | dir=in | app=c:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{67133C7E-6D0C-4157-A7E4-E22817EB7B0D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6AAB4614-6CAB-4064-AABD-A294263DE847}" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe | 
"{6C704202-0888-413B-A499-78B3E2F3DA64}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{6CA28B62-9C18-425D-9F81-BDD4EE2B09ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6D6414F6-69AB-4C57-9360-D8CB122D6C1D}" = protocol=17 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbsrv9.exe | 
"{709E4733-4D26-4FD3-8EED-07A2AAB1E763}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{71C96885-53FC-4564-8120-A6DCCDFE2753}" = dir=out | app=%systemdrive%\spiele\call of duty 5\codwaw.exe | 
"{73898F12-F921-4ECA-912A-ABDAE58D6A8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{74051F9C-F42A-44A5-A8A3-4962966C9A03}" = protocol=17 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe | 
"{7611DA5B-33E0-4FB2-AA64-C481C645D491}" = protocol=17 | dir=in | app=e:\windows\dsassistant\dsassistant.exe | 
"{7680EB63-AD7A-4D60-A619-7561A9342FE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7CB97BEE-C0EE-47BB-A554-CEB5F4315B7E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{7CDAA699-8329-4E6B-8812-7C07ADB2F26B}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"{80C1B6CA-4B92-4801-928D-7618D20186B5}" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | 
"{84295960-6930-4402-8467-38996713989D}" = protocol=6 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe | 
"{84529395-B5B9-4DAC-BD4A-AC8E7AD4E87B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{867EF073-B325-4C87-9FAB-332F5ADBC8F7}" = protocol=6 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbsrv9.exe | 
"{8A5BDCA8-724F-4279-905B-5C03B307D30F}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{8BC79F8F-6D19-4C38-8878-00965B79D796}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8D6A1D13-32FB-4625-8F5D-0080A33A9209}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{9070CDE8-F595-45DA-B04D-9DA6158F3D36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{936B62B8-693C-4542-83D1-72AE2944D4C0}" = protocol=17 | dir=in | app=c:\users\chris\downloads\dsassistant_1593\dsassistant.exe | 
"{9C7474D9-1D8E-4EC6-B1F3-605B4E5C17EE}" = dir=in | app=%programfiles% (x86)\bewerbungsmaster\bewerbungs-master.exe | 
"{9DF4A96F-BC31-4F81-885F-B446F6E78ADF}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{A18F48BC-3758-4CB2-9584-9DBE7FA2C164}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{A20F943C-F0FB-4D18-98CE-E4CCA6085FD6}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{A5602C1C-EAB1-4444-BF0E-C68AE8F691B9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A88BAB5F-88D9-46AB-80F1-9F855D007081}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{AD8CE5CE-0ADD-4ABE-ACAF-9ABCDB1BD9F1}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{AF902059-D67C-4C2D-AC2D-0DEDC1BE56C1}" = dir=in | app=%programfiles% (x86)\bewerbungsmaster\bewerbungs-master-update.exe | 
"{B20C531E-6F5D-4E8D-92BE-F6BD82004115}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{B335EE40-B743-4FE9-B46D-26127538AA5F}" = protocol=17 | dir=in | app=c:\spiele\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{B66706FA-4B09-4F19-9B70-78AE7057DDA1}" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe | 
"{B6B76CB5-5853-4DD6-829D-0C7F0317942B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B6DF37DE-FAF8-45F9-BAD4-A6D87854DA74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B9EDF4FE-456A-4DA1-ACD7-C7749667EA5C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA79CB90-41A7-4851-90E7-6DA14ECFE5F7}" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BDED8411-B54B-4B59-B48A-2F9F40214A23}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{C057B361-7A5D-4E59-82BD-AB60BC828E7F}" = dir=in | app=%programfiles% (x86)\bewerbungsmaster\updatecheck_bewerbungsmaster.exe | 
"{C06A31E1-E291-4428-BCA6-5DA1DE36D5A2}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"{C37BB289-8E97-4CEA-9A83-C547D1D8B469}" = protocol=6 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe | 
"{C5AD8181-D0AE-4266-812C-8C81542D9AC1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{C5E4005A-DB40-43BE-ADAE-CEB9DC0B98E3}" = protocol=17 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe | 
"{C84AF211-6A5E-4BCE-B49A-3B9B6815CAD9}" = dir=in | app=%programfiles% (x86)\bewerbungsmaster\bewerbungs-master-update.exe | 
"{CB3A9750-37E0-4A48-8D9F-A0C22FBC17AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D027B43C-F9D0-4A1B-AED0-9407636FE04A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{D14240FB-E43B-49D7-A847-AB0D1DF9A088}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D66A4CE4-AAF4-401F-82FA-F543F9055BF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DB77A884-43C3-4784-B9DC-6B2064EEBDD0}" = protocol=6 | dir=in | app=c:\spiele\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{EBAAA27D-0B53-42BA-825A-93DDB9AC9FCD}" = protocol=6 | dir=out | app=system | 
"{ECE426EC-D9EA-4A9D-85DC-358182406145}" = protocol=6 | dir=in | app=c:\users\chris\downloads\dsassistant_1593\dsassistant.exe | 
"{EF3DAC86-0D7C-41F7-81D7-EA97297D7ADF}" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F48E8A30-B345-45E3-A6DC-CB02EFFEA54B}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{F794F6AC-3CE1-4980-AB7B-65CEC00EE5E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{FAB6EE75-BA50-4353-974C-F04DE3F89804}" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe | 
"TCP Query User{55FE52DB-6A0E-4E18-AE96-E0551D5E0976}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{6143A86C-1E54-4059-B41B-0F049DA960B7}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{8B2022C8-BE6E-42C3-B0E4-87DCD49218CF}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe | 
"TCP Query User{99355DDE-54CA-4F02-892B-5964B167E5E0}E:\windows\dsassistant\dsassistant.exe" = protocol=6 | dir=in | app=e:\windows\dsassistant\dsassistant.exe | 
"TCP Query User{9EBBD9A6-4475-42A5-9F29-A4C4323B8848}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{A23D135A-A461-4B62-9843-FC2E9211F50F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{A99C7EF7-A1FE-4655-AAFC-D884E25D9E1A}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"TCP Query User{BCF2584E-9D4E-4F5B-9BEE-5A5FC2B9B7A8}C:\users\chris\downloads\dsassistant_1593\dsassistant.exe" = protocol=6 | dir=in | app=c:\users\chris\downloads\dsassistant_1593\dsassistant.exe | 
"TCP Query User{D07756FF-9E7F-485B-8845-5F632B819141}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{D14919D0-BDE7-4993-B599-A0D6E3D0CFAE}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe | 
"TCP Query User{D4B3F535-2AF5-446C-AEB4-78472E3A0BEE}C:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{DD00EA32-A7DF-4CA4-A7AB-2CB9CD02EF48}C:\spiele\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | 
"TCP Query User{E9961DB7-1EA0-46F3-BE40-0C712313B0BB}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe | 
"TCP Query User{F5C489B2-C4B6-4E67-97C1-EBCB0E895D89}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{48D40E13-BB94-4519-9401-87B456D99A4C}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{4F696EBB-7CF5-4207-9020-C710154370AF}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe | 
"UDP Query User{5691AC3F-0756-4F13-A36C-FE8804F709A6}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe | 
"UDP Query User{5B975BEE-E323-4CAD-BB11-BCC10CBC0FD4}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{67A244A1-2D64-46DB-AAA9-192734619C06}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{6C4FCE5D-0D69-4795-8E38-A9F80CDAEDB4}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{97B58E39-B5AC-404E-A093-6A0FE6223BF2}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{A124D72D-003B-4A02-AD67-3238B8945A73}C:\users\chris\downloads\dsassistant_1593\dsassistant.exe" = protocol=17 | dir=in | app=c:\users\chris\downloads\dsassistant_1593\dsassistant.exe | 
"UDP Query User{B251CCB7-C2DD-405B-92B6-4857E8C2926C}E:\windows\dsassistant\dsassistant.exe" = protocol=17 | dir=in | app=e:\windows\dsassistant\dsassistant.exe | 
"UDP Query User{BCE39936-91D3-4D54-AF4E-667B1C925177}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{C836ED20-529D-4AB9-9A00-5594723F5FFB}C:\spiele\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | 
"UDP Query User{DA219A00-CDA6-44E8-857E-920C22113298}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe | 
"UDP Query User{E063681C-3BBC-462A-AF31-9AEC1457FD2D}C:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{E6FA3932-215C-4E3C-8A18-145B86CBE344}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"UDP Query User{FBF90D3E-5D93-4FEB-8391-05D42F67D8C0}C:\program files (x86)\elcomsoft\distributed password recovery\esdprs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\elcomsoft\distributed password recovery\esdprs.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WibuKey Setup (WibuKey Remove)
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{23170F69-40C1-2702-0912-000001000000}" = 7-Zip 9.12 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.5
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EB731227-8AC5-4889-ACE9-7D87864A9F19}" = Logitech GamePanel Software 3.02.173
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{f45b48a7-f616-4211-b927-17cab6a96613}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"ComicRack" = ComicRack v0.9.148
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Sandboxie" = Sandboxie 3.72 (64-bit)
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212BB5C2-A702-6A1B-A964-C672D94B467D}" = Catalyst Control Center InstallProxy
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1.4
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EF0533F-F865-4B1E-A428-CA91819AE1CC}" = DesignPro Business Cards SE
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5539EA0-2FD9-483D-B150-8161498EB3A8}" = Brother HL-2035
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{BC093E6F-61D2-4F6D-9463-ECDC2CA25462}" = calibre
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{CADE1721-0AE3-4FE9-B37F-CF98CA42A14F}" = Borland Database Engine
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E2C98732-F973-4985-A9C5-DC06178E16EE}" = Microsoft Mathematics-Add-In (32 Bit)
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}" = Snagit 9.1.1
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}" = WISO Bewerbung 2008
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"4Media MP4 Converter" = 4Media MP4 Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.00
"Akamai" = Akamai NetSession Interface Service
"Ant Renamer 2_is1" = Ant Renamer
"AudioConverter Studio_is1" = AudioConverter Studio 6.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DAEMON Tools Pro" = DAEMON Tools Pro
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.1
"FlashGet" = FlashGet 1.9.6.1073
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.6
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"InstallShield_{5EF0533F-F865-4B1E-A428-CA91819AE1CC}" = DesignPro Business Cards SE
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.19
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaMonkey_is1" = MediaMonkey 4.0
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion)
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Steam App 22380" = Fallout: New Vegas
"Steam App 50130" = Mafia II
"SWFPlayer_is1" = SWFPlayer 2.6.2.0
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"xampp" = XAMPP 1.7.7
"XING Connector" = XING Connector 1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.07.2012 13:55:13 | Computer Name = Chris-Master-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mafia2.exe, Version: 1.0.0.1, Zeitstempel:
 0x4d2745ba  Name des fehlerhaften Moduls: mafia2.exe, Version: 1.0.0.1, Zeitstempel:
 0x4d2745ba  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0064e737  ID des fehlerhaften Prozesses:
 0x1fe0  Startzeit der fehlerhaften Anwendung: 0x01cd5c667559fbcf  Pfad der fehlerhaften
 Anwendung: c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe
Pfad
 des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe
Berichtskennung:
 e67e0ead-c85c-11e1-ae0e-005056c00008
 
Error - 21.07.2012 10:14:28 | Computer Name = Chris-Master-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FalloutNV.exe, Version: 1.4.0.525,
 Zeitstempel: 0x4e0d51de  Name des fehlerhaften Moduls: FalloutNV.exe, Version: 1.4.0.525,
 Zeitstempel: 0x4e0d51de  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00661734  ID des fehlerhaften
 Prozesses: 0x1620  Startzeit der fehlerhaften Anwendung: 0x01cd6747c0f8f13b  Pfad der
 fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\fallout new
 vegas\FalloutNV.exe  Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\common\fallout
 new vegas\FalloutNV.exe  Berichtskennung: 6161450b-d33e-11e1-b8dc-005056c00008
 
Error - 22.07.2012 08:49:46 | Computer Name = Chris-Master-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FalloutNV.exe, Version: 1.4.0.525,
 Zeitstempel: 0x4e0d51de  Name des fehlerhaften Moduls: FalloutNV.exe, Version: 1.4.0.525,
 Zeitstempel: 0x4e0d51de  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00661734  ID des fehlerhaften
 Prozesses: 0xf68  Startzeit der fehlerhaften Anwendung: 0x01cd67ea3106d3f4  Pfad der
 fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\fallout new
 vegas\FalloutNV.exe  Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\common\fallout
 new vegas\FalloutNV.exe  Berichtskennung: b69a5a91-d3fb-11e1-8354-005056c00008
 
Error - 23.07.2012 12:10:40 | Computer Name = Chris-Master-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 23.07.2012 12:34:25 | Computer Name = Chris-Master-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 24.07.2012 11:30:51 | Computer Name = Chris-Master-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ Cisco AnyConnect VPN Client Events ]
Error - 28.01.2010 06:51:55 | Computer Name = Chris-Master-PC | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::connect File: .\ConnectMgr.cpp Line: 989 Invoked
 Function: ConnectIfc::connect Return Code: -29949934 (0xFE370012) Description: CTRANSPORT_ERROR_HOST_RESOLUTION

 
Error - 28.01.2010 06:51:55 | Computer Name = Chris-Master-PC | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1208
Invoked
 Function: ConnectMgr :: processIfcData Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Unrecognized content type (Unknown) received.
 
Error - 28.01.2010 06:51:55 | Computer Name = Chris-Master-PC | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1234
Invoked
 Function: ConnectMgr :: processIfcData Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Unable to process response from hs-karlsruhe.de. 
 
Error - 28.01.2010 06:51:55 | Computer Name = Chris-Master-PC | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1315
Invoked
 Function: ConnectMgr::processIfcData Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Unable to contact hs-karlsruhe.de. 
 
Error - 28.01.2010 06:52:01 | Computer Name = Chris-Master-PC | Source = vpnui | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072894405 (0xC00CEE3B) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Der im Endtag des Elements enthaltene
 Name muss mit dem Elementtyp im Starttag übereinstimmen.  
 
Error - 28.01.2010 06:52:01 | Computer Name = Chris-Master-PC | Source = vpnui | ID = 67108866
Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 206
Invoked
 Function: XmlParser::invokeParser Return Code: -1072894405 (0xC00CEE3B) Description:
 WINDOWS_ERROR_CODE Error encountered during parse. <html> <head> <META http-equiv="PICS-Label"
 content='(PICS-1.1 "hxxp://www.rsac.org/ratingsv01.html" l gen true comment "RSACi
 North America Server" for "hxxp://193.196.64.249/index.html" on "2000.11.02T23:36-0800"
 r (n 0 s 0 v 0 l 0))'> <meta http-equiv="Window-target" content="_top"> <title>Cisco
 Systems, Inc. VPN 3000 Concentrator [Cisco-3060]</title> </head> <body bgcolor="white"
 text="black" link="#003366" vlink="#003366"> <script lanaguage="JavaScript"> <!--
 hide    if (parseInt(navigator.appVersion.charAt(0)) < 4)    {       top.location 
= "/oldbrowser.html"    }    if (top != self)    {       top.location = "/index.html"

   } // hide --> </script> <noscript> <h2>VPN 3000 Concentrator</h2> <p>You are using
 an old browser or have disabled JavaScript. You <b>must</b> use version 4 or higher
 of Netscape Navigator/Communicator or version 4 or higher of Microsoft Internet
 Explorer with JavaScript enabled.</p> <img src="/img/filler.gif" width=1 height=1200>
</noscript>

<cent
 
Error - 28.01.2010 06:52:01 | Computer Name = Chris-Master-PC | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processXml File: .\ConnectMgr.cpp Line: 3602 Invoked
 Function: ConnectMgr::processXml Return Code: -1072894405 (0xC00CEE3B) Description:
 WINDOWS_ERROR_CODE Unable to process response from Gateway.
 
Error - 28.01.2010 06:52:01 | Computer Name = Chris-Master-PC | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1234
Invoked
 Function: ConnectMgr :: processIfcData Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Unable to process response from vpn.hs-karlsruhe.de. <html>
<head>
<META
 http-equiv="PICS-Label" content='(PICS-1.1 "hxxp://www.rsac.org/ratingsv01.html"
 l gen true comment "RSACi North America Server" for "hxxp://193.196.64.249/index.html"
 on "2000.11.02T23:36-0800" r (n 0 s 0 v 0 l 0))'> <meta http-equiv="Window-target"
 content="_top"> <title>Cisco Systems, Inc. VPN 3000 Concentrator [Cisco-3060]</title>
</head>
<body
 bgcolor="white" text="black" link="#003366" vlink="#003366"> <script lanaguage="JavaScript">
<!--
 hide    if (parseInt(navigator.appVersion.charAt(0)) < 4)    {       top.location 
= "/oldbrowser.html"    }    if (top != self)    {       top.location = "/index.html"

   } // hide --> </script> <noscript> <h2>VPN 3000 Concentrator</h2> <p>You are using
 an old browser or have disabled JavaScript. You <b>must</b> use version 4 or higher
 of Netscape Navigator/Communicator or version 4 or higher of Microsoft Internet
 Explorer with JavaScript enabled.</p> <img src="/img/filler.gif" width=1 height=120
 
Error - 28.01.2010 07:00:28 | Computer Name = Chris-Master-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
 
Error - 28.01.2010 07:00:28 | Computer Name = Chris-Master-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
[ System Events ]
Error - 23.07.2012 11:29:46 | Computer Name = Chris-Master-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.07.2012 11:29:46 | Computer Name = Chris-Master-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.07.2012 11:32:46 | Computer Name = Chris-Master-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.07.2012 11:32:46 | Computer Name = Chris-Master-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.07.2012 11:32:46 | Computer Name = Chris-Master-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.07.2012 11:34:54 | Computer Name = Chris-Master-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.07.2012 11:34:54 | Computer Name = Chris-Master-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.07.2012 11:34:54 | Computer Name = Chris-Master-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.07.2012 12:09:10 | Computer Name = Chris-Master-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 23.07.2012 12:09:10 | Computer Name = Chris-Master-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >
         
Und aus der OTL.txt
Code:
ATTFilter
OTL logfile created on: 24.07.2012 19:20:39 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Chris\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 41,73% Memory free
8,00 Gb Paging File | 5,41 Gb Available in Paging File | 67,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 31,21 Gb Free Space | 10,47% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-MASTER-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (dtpd) -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe ()
SRV - (iked) -- C:\Programme\ShrewSoft\VPN Client\iked.exe ()
SRV - (ipsecd) -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (WIBUKEY) -- C:\Windows\SysNative\drivers\WibuKey64.sys (WIBU-SYSTEMS AG)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (BrPar) -- C:\Windows\SysNative\drivers\brpar64a.sys (Brother Industries Ltd.)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.1
FF - prefs.js..extensions.enabledItems: {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.backup.ftp: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.backup.ftp_port: 8888
FF - prefs.js..network.proxy.backup.gopher: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.backup.gopher_port: 8888
FF - prefs.js..network.proxy.backup.socks: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.backup.socks_port: 8888
FF - prefs.js..network.proxy.backup.ssl: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.backup.ssl_port: 8888
FF - prefs.js..network.proxy.ftp: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.ftp_port: 8888
FF - prefs.js..network.proxy.gopher: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.gopher_port: 8888
FF - prefs.js..network.proxy.http: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, *.hs-karlsruhe.de"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.socks_port: 8888
FF - prefs.js..network.proxy.ssl: "proxy.hs-karlsruhe.de"
FF - prefs.js..network.proxy.ssl_port: 8888
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.19 17:07:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 11:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.23 18:39:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 11:43:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.23 18:39:11 | 000,000,000 | ---D | M]
 
[2009.08.16 12:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2012.07.18 19:53:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\7p1ykuvx.default\extensions
[2010.06.17 11:00:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\7p1ykuvx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.25 09:21:24 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\7p1ykuvx.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2012.05.18 08:07:16 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\7p1ykuvx.default\extensions\fb_add_on@avm.de
[2012.07.06 16:02:27 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\7p1ykuvx.default\extensions\zotero@chnm.gmu.edu
[2012.05.15 16:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.07.18 19:53:35 | 000,339,888 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7P1YKUVX.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012.07.14 16:53:20 | 000,112,944 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7P1YKUVX.DEFAULT\EXTENSIONS\{C151D79E-E61B-4A90-A887-5A46D38FBA99}.XPI
[2012.07.21 11:43:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.17 20:00:14 | 000,170,624 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.02.17 17:10:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.17 17:10:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.17 17:10:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 17:10:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 17:10:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 17:10:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.57\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_Porsche = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3\
CHR - Extension: Docs Viewer f\u00FCr PDF/PowerPoint (von Google) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.9_0\
CHR - Extension: Google Calendar Checker = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.2.2_0\
CHR - Extension: kicker online - FootieFox = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnolmnbolameihploheccpnmkkcgcfm\1.1.1\
 
O1 HOSTS File: ([2011.11.30 08:51:44 | 000,002,479 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (Reg Error: Key error.)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3909DEC3-4222-49BF-AE75-50777B66311C}: Domain = hs-karlsruhe.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3909DEC3-4222-49BF-AE75-50777B66311C}: NameServer = 193.196.64.1,193.196.64.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C5CAA48-F761-4F0F-827B-AF45F26EA58E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.23 18:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012.07.23 18:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012.07.23 18:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.23 18:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.07.23 18:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.23 18:32:35 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.07.23 18:32:35 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.23 18:32:19 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.23 18:32:19 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.23 18:19:09 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012.07.23 18:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.07.23 18:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012.07.23 17:51:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012.07.23 17:46:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.23 17:30:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2012.07.23 17:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.23 17:30:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.23 17:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.23 17:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.21 12:24:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.21 12:24:36 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll
[2012.07.21 12:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.07.21 12:24:34 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.07.21 12:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.07.21 12:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.07.16 18:43:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\start
[2012.07.12 20:27:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 20:27:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 20:27:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 20:27:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 20:27:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 20:27:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 20:27:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 20:27:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 20:27:53 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 20:27:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 20:27:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 20:27:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 20:27:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 16:28:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 16:28:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.12 16:27:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 16:27:46 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.12 16:27:45 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.09 19:55:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Dominik_Reichl
[2012.07.09 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Keepass Backup
[2012.07.09 19:54:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\KeePass
[2012.07.09 19:40:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\KeePass
[2012.07.09 19:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2012.07.06 19:01:48 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.01 11:22:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\2K Games
[2012.07.01 11:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.07.01 11:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.01 11:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.01 11:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.06.30 18:09:53 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.30 18:09:53 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.30 18:09:53 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.30 18:09:30 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.30 18:09:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.30 18:09:30 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.30 18:09:02 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.30 18:09:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2011.02.12 15:39:25 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Users\Chris\AppData\Roaming\tsdnwin.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Chris\*.tmp files -> C:\Users\Chris\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 19:19:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1692090429-3976311990-559747717-1001UA.job
[2012.07.24 19:19:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.24 18:56:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.24 18:27:30 | 001,111,396 | ---- | M] () -- C:\Users\Chris\Documents\Kreditkartenabrechnung_427316XXXXXX9912_29-06-12.pdf
[2012.07.24 17:33:49 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 17:33:48 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 17:24:26 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.24 17:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.24 17:24:02 | 3220,033,536 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 17:24:01 | 000,766,200 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.07.23 18:32:10 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.23 18:32:10 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.23 18:28:20 | 000,001,668 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.23 18:17:59 | 000,000,924 | ---- | M] () -- C:\Users\Chris\Desktop\Sandboxed Web Browser.lnk
[2012.07.23 17:52:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012.07.23 17:30:41 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.23 17:14:54 | 004,503,728 | ---- | M] () -- C:\ProgramData\piz_0ef.pad
[2012.07.23 16:43:17 | 000,658,334 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.23 16:43:17 | 000,123,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.23 16:43:16 | 001,630,282 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.23 16:43:16 | 000,704,958 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.23 16:43:16 | 000,151,040 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.21 12:24:36 | 000,001,272 | ---- | M] () -- C:\Users\Chris\Desktop\Free YouTube Download.lnk
[2012.07.20 17:19:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1692090429-3976311990-559747717-1001Core.job
[2012.07.18 18:10:36 | 000,000,221 | ---- | M] () -- C:\Users\Chris\Desktop\Fallout New Vegas.url
[2012.07.16 19:42:08 | 000,000,499 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.07.16 18:36:02 | 001,089,536 | ---- | M] () -- C:\Users\Chris\Documents\Holzzuteilung.Leimersheim.accdb
[2012.07.13 14:58:18 | 000,344,064 | ---- | M] () -- C:\Users\Chris\Documents\Database1.accdb
[2012.07.13 14:40:17 | 003,160,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 17:57:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 17:57:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.12 17:52:01 | 001,179,648 | ---- | M] () -- C:\Users\Chris\Documents\Schulbücherei.accdb
[2012.07.09 19:38:56 | 000,001,075 | ---- | M] () -- C:\Users\Chris\Desktop\KeePass 2.lnk
[2012.07.05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 11:17:44 | 000,000,221 | ---- | M] () -- C:\Users\Chris\Desktop\Mafia II.url
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Chris\*.tmp files -> C:\Users\Chris\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.23 18:39:04 | 000,001,028 | ---- | C] () -- C:\Users\Chris\Desktop\PDF-Viewer.lnk
[2012.07.23 18:18:11 | 000,000,924 | ---- | C] () -- C:\Users\Chris\Desktop\Sandboxed Web Browser.lnk
[2012.07.23 18:18:09 | 000,001,668 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.07.23 17:30:41 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.23 17:14:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad
[2012.07.21 12:24:36 | 000,001,272 | ---- | C] () -- C:\Users\Chris\Desktop\Free YouTube Download.lnk
[2012.07.18 18:10:36 | 000,000,221 | ---- | C] () -- C:\Users\Chris\Desktop\Fallout New Vegas.url
[2012.07.13 14:58:01 | 000,344,064 | ---- | C] () -- C:\Users\Chris\Documents\Database1.accdb
[2012.07.12 16:45:00 | 001,179,648 | ---- | C] () -- C:\Users\Chris\Documents\Schulbücherei.accdb
[2012.07.09 19:38:56 | 000,001,087 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2012.07.09 19:38:56 | 000,001,075 | ---- | C] () -- C:\Users\Chris\Desktop\KeePass 2.lnk
[2012.07.01 11:17:44 | 000,000,221 | ---- | C] () -- C:\Users\Chris\Desktop\Mafia II.url
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.20 17:47:11 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.27 12:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2011.09.27 12:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2011.09.27 12:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.25 11:49:55 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011.05.19 17:51:33 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\fteh006n.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.13 16:31:44 | 000,004,608 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.27 16:39:22 | 000,000,173 | ---- | C] () -- C:\Users\Chris\AppData\Local\msmathematics.qat.Chris
[2011.02.12 15:36:01 | 000,000,439 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2010.12.05 14:52:45 | 000,000,670 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2010.10.08 17:43:52 | 000,000,263 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.10.08 17:42:51 | 000,000,000 | ---- | C] () -- C:\Windows\FULINST.INI
[2010.09.12 15:54:25 | 000,000,010 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\hhxprot5
[2010.04.08 18:07:11 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.04.01 14:42:51 | 000,038,421 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2010.03.31 08:49:12 | 000,000,019 | ---- | C] () -- C:\Users\Chris\.antileechdir
[2009.09.11 08:35:15 | 000,018,871 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\UserTile.png

< End of report >
         
__________________

Alt 24.07.2012, 22:38   #4
t'john
/// Helfer-Team
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll () 
SRV - (dtpd) -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe () 
SRV - (iked) -- C:\Programme\ShrewSoft\VPN Client\iked.exe () 
SRV - (ipsecd) -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421; 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" 
FF - prefs.js..browser.startup.homepage: "about:blank" 
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.1 
FF - prefs.js..extensions.enabledItems: {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6.1 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O16:64bit: - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (Reg Error: Key error.) 
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O32 - HKLM CDRom: AutoRun - 1 

:Files

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1692090429-3976311990-559747717-1001UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\piz_0ef.pad
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1692090429-3976311990-559747717-1001Core.job

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.07.2012, 17:27   #5
mr-blister
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Code:
ATTFilter
All processes killed
========== OTL ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
Service dtpd stopped successfully!
Service dtpd deleted successfully!
C:\Programme\ShrewSoft\VPN Client\dtpd.exe moved successfully.
Service iked stopped successfully!
Service iked deleted successfully!
C:\Programme\ShrewSoft\VPN Client\iked.exe moved successfully.
Service ipsecd stopped successfully!
Service ipsecd deleted successfully!
C:\Programme\ShrewSoft\VPN Client\ipsecd.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Wikipedia (de)" removed from browser.search.selectedEngine
Prefs.js: "about:blank" removed from browser.startup.homepage
Prefs.js: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 removed from extensions.enabledItems
Prefs.js: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: zotero@chnm.gmu.edu:2.1.1 removed from extensions.enabledItems
Prefs.js: {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6.1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: web2pdfextension@web2pdf.adobedotcom:1.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\Chris\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\Chris\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe moved successfully.
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Starting removal of ActiveX control {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}
C:\Windows\Downloaded Program Files\srldetect.inf moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1692090429-3976311990-559747717-1001UA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\ProgramData\piz_0ef.pad moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1692090429-3976311990-559747717-1001Core.job moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Chris\Desktop\cmd.bat deleted successfully.
C:\Users\Chris\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Chris
->Temp folder emptied: 5723214775 bytes
->Temporary Internet Files folder emptied: 76448795 bytes
->Java cache emptied: 3818543 bytes
->FireFox cache emptied: 830001073 bytes
->Google Chrome cache emptied: 395594749 bytes
->Flash cache emptied: 152754 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sabine
->Temp folder emptied: 499803 bytes
->Temporary Internet Files folder emptied: 1442891 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 105942720 bytes
->Flash cache emptied: 1361 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1036341 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 586806016 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7.367,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Chris
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sabine
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07262012_165948

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Chris\AppData\Local\Temp\~DFCCEB3BF224F0FDA8.TMP not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DFF9E9D34AE6A91B18.TMP not found!
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1708.log moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Chris\AppData\Local\Temp\~DFCCEB3BF224F0FDA8.TMP not found!
File C:\Users\Chris\AppData\Local\Temp\~DFF9E9D34AE6A91B18.TMP not found!
[2012.07.26 17:07:02 | 000,002,013 | ---- | M] () C:\Windows\temp\vmware-SYSTEM\vmauthd.log : Unable to obtain MD5
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1708.log not found!
[2012.07.26 17:06:55 | 008,405,015 | ---- | M] () C:\Windows\temp\TmpFile1 : Unable to obtain MD5

Registry entries deleted on Reboot...
         


Alt 26.07.2012, 17:28   #6
t'john
/// Helfer-Team
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> Bundespolizei Trojaner

Alt 26.07.2012, 17:49   #7
mr-blister
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Rechner läuft wie geschmiert. Super!
(auch wenn ich nicht genau verstanden habe was der Fix von OTL gemacht hat)

Malwarebytes läuft gerade (aber dauert ja immer länger)
Log wird dann natürlich gleich gepostet.

Ansonsten benutze ich ab jetzt nur noch sandboxed Browsing

Malwarebytes hat schonmal nichts gefunden

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-MASTER-PC [Administrator]

26.07.2012 19:08:05
mbam-log-2012-07-26 (19-08-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 447397
Laufzeit: 1 Stunde(n), 27 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Und der AdwCleaner

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/26/2012 at 20:43:46
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Chris - CHRIS-MASTER-PC
# Running from : C:\Users\Chris\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Babylon

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7p1ykuvx.default\prefs.js

Found : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Found : user_pref("surfcanyon.last_checked_ts", "1266927658093");

Profile name : default 
File : C:\Users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\5kg6x7mv.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1791 octets] - [26/07/2012 20:43:46]

########## EOF - C:\AdwCleaner[R1].txt - [1919 octets] ##########
         

Alt 31.07.2012, 17:10   #8
t'john
/// Helfer-Team
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 21.08.2012, 04:39   #9
t'john
/// Helfer-Team
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Bundespolizei Trojaner
administrator, anti-malware, appdata, autostart, backdoor.poison, code, ctfmon.lnk, dateien, eset, explorer, gelöscht, heuristiks/extra, heuristiks/shuriken, internet, log, malwarebytes, microsoft, neu, online, quarantäne, roaming, scanner, speicher, surfen, system, temp, tmp, trojan.flystudio, trojaner, version



Ähnliche Themen: Bundespolizei Trojaner


  1. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 03.10.2012 (38)
  2. BUNDESPOLIZEI Trojaner
    Log-Analyse und Auswertung - 08.08.2012 (7)
  3. Bundespolizei Trojaner
    Mülltonne - 20.07.2012 (0)
  4. Trojaner Bundespolizei
    Log-Analyse und Auswertung - 16.06.2012 (1)
  5. Bundespolizei Trojaner 1.09
    Plagegeister aller Art und deren Bekämpfung - 20.04.2012 (17)
  6. Bundespolizei Trojaner auf win XP
    Log-Analyse und Auswertung - 12.04.2012 (1)
  7. Bundespolizei Trojaner!
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (5)
  8. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 26.12.2011 (8)
  9. Bundespolizei Trojaner??
    Plagegeister aller Art und deren Bekämpfung - 26.12.2011 (27)
  10. Bundespolizei Trojaner - Win XP
    Log-Analyse und Auswertung - 18.12.2011 (1)
  11. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 08.11.2011 (1)
  12. Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  13. Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  14. Bundespolizei-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (3)
  15. Bundespolizei-Trojaner
    Log-Analyse und Auswertung - 07.08.2011 (1)
  16. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 16.04.2011 (6)
  17. Bundespolizei-Trojaner
    Log-Analyse und Auswertung - 16.04.2011 (3)

Zum Thema Bundespolizei Trojaner - Hallo Leute mal wieder der Bundespolizei Trojaner. Dieses mal hat es mich erwischt. War im Internet surfen und auf einmal kommt das berühmte Bild. Hab dann neu gestartet im abgesicherten - Bundespolizei Trojaner...
Archiv
Du betrachtest: Bundespolizei Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.